Malicious malware detected while server browser is open?
#1
Hey, everyone. Usually I change my name all the time, so you might or might not ever recognize me in game.

Anyways, I felt as if this post fit here as it had to do with the server browser. I have Malwarebytes running real-time, so it basically blocks any threats that it finds suspicious. Since I recently got this, I of course never knew about this stuff before I got the real-time 'protection'.

So whenever I open the server browser, and am scrolling through the servers, Malwarebytes picks up this:

http://imgur.com/0lFk0dD

It flashes this continually until either I close the game or join a server. Again, this only seems to happen while I have the server browser open. Malwarebytes also doesn't show any other IPs, so I'm guessing it's just this one server.

I decided to look up the website using the IP I was given, and found it here:

http://www.borderware.com/lookup.php?ip=185.82.200.227

As you can see, it's from the Netherlands. It also has no information whatsoever--which makes it seem more like a harmful website. If it was official and visited often I'd imagine it would have some sort of info on viruses, malware, etc.

I just wanted to report this and maybe see if this was normal, or if some of the game admins could do something about this server. Thanks. :)
#2
I remember using the "real time protection" from Malwarebytes and this message showed up. If you check at the exact moment it appears, it's when you request the server list from the masterserver, so I guess this IP address is the masterserver.

On a side note, I deactivated this "real time protection" because it was really annoying, alerting me all the time, for absolutely nothing. Don't do shit, it's the best real time protection.
#3
Well... That address doesn't belong to the masterserver, it belongs to Butterfly - KiN [Public Server] - NL

If there is a webserver running there then it isn't on an open port that is accessible to the outside.
Strange RDNS record for that address though -we.westvirginiawhtewater.com
#4
I'm still wondering as to what it was trying to do to my computer, though. It's blocking a website, so was it trying to do something to my main browser (Google Chrome)? Or download a file? AdWare? Or even just opening a website?
#5
It couldn't be blocking a website, as there isn't one at that address. However, if you really don't think it is a false-positive you might just ask the clan that runs the server: http://kinac.ml/
#6
Those services' lists are so outdated. I can't register on Debian forums because my IP range is blacklisted. I did some research on 'stop forum spam' (I think it's called like that) and I found that in 2003 (yes, 2003) some idiot was spamming forums using this range. :D

I don't know if this is helpful or what..
#7
It is my server and I am not sure about this.
But I canceled this server :D